Employee Privacy: Utah

Employee Privacy requirements for other states

Federal law and guidance on this subject should be reviewed together with this section.

Author: Rachel Otto, Strindberg and Scholnick, LLC


  • While employees generally do not have an expectation of privacy in the workplace, Utah law provides several specific limitations on an employer's right to monitor employee activity. See Employer Right to Monitor Employee Activity.
  • Under Utah law there are four invasion of privacy claims that can be maintained: (1) intrusion upon solitude/seclusion; (2) appropriation of a person's name or likeness; (3) public disclosure of embarrassing private facts; and (4) publicity that places the person in false light in the public's eye. See Employee Right to Privacy.
  • Employers who provide accurate information to prospective employers in good faith are protected from liability. See Employment References.
  • Utah law places limitations on employer rights monitor employees with respect to surveillance and testing. See Limitations on Employer Rights.

Employer Right to Monitor Employee Activity

Drug and Alcohol Testing

Private employers may require drug and alcohol testing as a condition of hiring or continued employment under +Ut. Code § 34-38-1. However, employers and management must also periodically submit to the testing. +Ut. Code § 34-38-3(1).

Under +Ut. Code § 34-38-10, a drug test result is valid if a private employer complies with +Ut. Code § 34-38-6.

This section requires that drug and alcohol samples be collected and tested in sanitary conditions, in a manner that adequately protects employee privacy, and with reasonable safeguards against contamination. The testing must also conform to "scientifically accepted analytical methods and procedures."

Certain employers, such as transporters of high-level nuclear waste, are required to perform drug testing. +Ut. Code § 34-38-3(2) (a).

An employer must conduct drug and alcohol testing during, or immediately after, an employee's regular work hours and must pay the employee for the time needed to complete the test.

An employer must pay all costs of the testing, including the employee's transportation to the test site. +Ut. Code § 34-38-5.

An employer who drug tests under Utah law is not liable to an employee it tests unless it discloses test results to an unauthorized person (anyone other than the employer, an authorized employee, or an agent of the employer) or takes action against an employee based on an inaccurate test result.

An employee may also have a cause of action against the employer if the employer maliciously discloses an inaccurate test result. +Ut. Code § 34-38-10.

Medical Marijuana

Under the Utah Medical Cannabis Act (the Act), individuals over the age of 18 who are qualified registered users with a qualifying condition are allowed to use medical marijuana. The law may be superseded or modified by legislative amendments.

+Ut. Code § 26-61a-104.

Under the Act, an individual may not:

  • Smoke cannabis or use a device to the facilitate the smoking of cannabis; and
  • Ingest cannabis or a cannabis product while operating a motor vehicle.

Additionally, among other things, the law does not prevent an employer from having policies restricting the use of medical cannabis by applicants or employees.

+Ut. Code § 26-61a-112 and +2020 Bill Text UT S.B. 121 amending +Ut. Code § 26-61a-111.

For more detailed information on medical marijuana under Utah law, see Employee Health: Utah and Disabilities (ADA): Utah.

Polygraph Tests

An employer may require an employee to undergo polygraph tests, although it may not secretly test an employee. +Ut. Code § 58-64-501.

Employee Right to Privacy

Invasion of Privacy - Intrusion Upon Seclusion

To establish a claim for invasion of privacy, intrusion upon seclusion, an employee must show that:

  • There was an intentional substantial intrusion, physical or otherwise, upon the employee's solitude or seclusion; and
  • That the intrusion would be highly offensive and objectionable to a reasonable person.

See Stien v. Marriott Ownership Resorts, Inc., +944 P.2d 374 (Utah Ct. App. 1997).

Wiretapping would qualify as such an intrusion. Under Utah law, it is a class B misdemeanor to conduct surveillance or attempt to conduct surveillance without the consent of the subject. +Ut. Code § 76-9-402.

Invasion of Privacy - Appropriation Of Name Or Likeness

This claim requires that an employee show that his or her name or likeness that has some intrinsic value has been used for someone else's benefit. See Cox v. Hatch, +761 P.2d 556 (Utah 1988).

Additionally, the Abuse of Personal Identity Act permits prosecution for publishing an advertisement in which the personal identity of an individual is used in such a way that "expresses or implies that the individual approves, endorses, has endorsed, or will endorse" the subject of the advertisement. +Ut. Code § 45-3-3.

More generally, identity fraud is prohibited by +Ut. Code § 76-6-1102.

Invasion of Privacy - Private Facts Made Public

This legal claim requires an employee to show:

  • The facts disclosed are private;
  • The disclosure must be public, not private; and
  • The matter made public must be highly offensive and objectionable to a reasonable person.

See Shattuck-Owen v. Snowbird Corp., +16 P.3d 555 (Utah 2000).

Invasion of Privacy - False Light

To prove this claim an employee must show:

  • The offender publicized a matter concerning the plaintiff that put the plaintiff in front of the public in a false light;
  • The false light would be highly offensive to a reasonable person; and
  • The offender knew it would paint the employee in a false light or did not care that it would.

See Jensen v. Sawyers, +130 P.3d 325 (Utah 2005).

This type of action does not have to be defamatory. Additionally, the information does not have to be private.

A person may be placed in a false light via "the dissemination of praiseworthy but untrue information about that person, if a reasonable person would find the information highly objectionable." See Jensen v. Sawyers, +130 P.3d 325 (Utah 2005).

Employment References

An employer who provides information in good faith about job performance, professional conduct, or evaluation of a former or current employee to a prospective employer of that employee may not be liable either for the disclosure or what happens to the employer as a result of the disclosure. +Ut. Code § 34-42-1.

Utah courts will determine that an employer is giving a good faith employment reference unless there is evidence that the reference was given to harm an employee. However, Utah law prevents an employer from blacklisting an employee. +Ut. Code § 34-24-1. Notably, though, there is no private cause of action under this statute.

Limitations on Employer Rights

Employee Right to Carry Firearms

Utah law protects certain activities in private vehicles, such as carrying firearms, subject to certain restrictions. In other words, a private employer can implement a no-firearms policy in the building, but cannot prohibit employees from keeping guns in their cars unless it provides alternative parking or storage. +Ut. Code § 34-45-103.

Information About Job Applicants

An employer cannot use information about a job applicant obtained through an initial selection process for any purpose other than to determine whether the employer will hire the applicant. +Ut. Code § 34-46-202.

Additionally, the employer must maintain a specific policy regarding retention, disposal, access, and confidentiality of the applicant's information, and may not maintain the information for more than 2 years. +Ut. Code § 34-46-203.

Genetic Testing

Employers are required to comply with the Genetic Testing Privacy Act (Act). +Ut. Code § 34A-11-101. This Act states that, when making employment-related decisions, employers (or potential employers) may not access or consider "private genetic information about an individual"; request or require an individual to consent to release allowing the employer access to genetic information; request an individual or a blood relative to submit to a genetic test; or inquire or consider the fact that the individual or relative has refused to take a test. +Ut. Code § 26-45-103(1).

Notwithstanding these provisions, the employer may seek an order compelling disclosure of private genetic information in connection with judicial or administrative proceedings in which the individual's health is at issue; an employment-related decision where the employer has a reasonable belief that the individual's health condition poses a safety risk. +Ut. Code § 26-45-103(2).

The order compelling this type of disclosure must meet certain conditions, as enumerated in +Utah Code § 26-45-103(2)(b).


Utah law prevents blacklisting of employees. +Ut. Code § 34-24-1.

Consumer Credit Protection

Pursuant to the Consumer Credit Protection Act, Utah governmental entities may not employ or contract for employment an inmate of any Department of Corrections facility or county jail in any position that would allow the inmate employee access to any other person's personal information. +Ut. Code § 13-45-301.

Radio Frequency Identification Tag

Under Utah law, no individual may be required, coerced or compelled to undergo the implantation of a radio frequency identification tag under his or her skin. There are both civil and criminal penalties for this conduct. +Utah Code Ann. § 77-23a-4.5.

Privacy in Communications

Under the Utah Interception of Communications Act, employers generally may not intercept audio electronic communications of employees or make audio or video recordings of employees without their consent, unless the employer itself is a party to the communication. Employees generally must have knowledge that their communication with third parties is subject to monitoring. +Utah Code. Ann. § 77-23a-1 through +Utah Code. Ann. § 77-23a-16 .

Any employer who wishes to record conversations of employees for job-related reasons should clearly state in a handbook, posting or employee acknowledgement form that such monitoring may occur. Further, it is important to state in a handbook that:

  • Documents and communications created, sent, received or stored on the employer's computer system are the property of the employer;
  • Employees should have no expectation of privacy in those documents and communications; and
  • The employer reserves the right to monitor those documents and communications.

Social Media Privacy

The Internet Employment Privacy Act (Act) addresses the privacy rights of employees and applicants in personal social media accounts. +Utah Code Ann. § 34-48-101

Specifically, the Act prohibits employers from requesting or requiring that employees or applicants disclose usernames and passwords which would permit access to personal internet accounts. A personal internet account is any online account used by an employee or applicant exclusively for personal communications unrelated to any business purpose of the employer. It does not include any account created, maintained, used or accessed by an employee or applicant for business-related communications or business purposes of the employer. The Act also contains an anti-retaliation provision and prohibits employers from taking adverse actions against individuals who refuse to provide such information.

However, under the Act employers are not prohibited from doing the following:

  • Requesting user names and passwords to access an employer-provided device or to access internet accounts or services provide by the employer, obtained in connection with the employee's employment or used for the employer's business purposes;
  • Disciplining or discharging employees who transfer the employer's proprietary data or confidential information to a personal internet account without employer authorization;
  • Conducting investigations or requiring employees to participate in investigations regarding employee misconduct or the unauthorized transfer of the employer's proprietary, confidential or financial information to an employee's personal internet account;
  • Restricting employee access to certain websites when using an employer-provided device;
  • Monitoring, reviewing access or blocking electronic data stored on an employer provided devices;
  • Complying with a duty to screen employees or applicants prior to hiring or monitoring or retaining employee communications pursuant to Securities and Exchange Commission (SEC) regulations or law enforcement; and
  • Viewing, accessing or using information about an employee or applicant that is in the public domain or can be accessed without an individual disclosing a username or password.

The Act does not create a duty to search or monitor employee or applicant personal internet activity. Further, an employer will not be liable for failing to request or require access to an employee or applicant's personal internet account. The Act allows aggrieved individuals may bring a private cause of action and obtain an award of not more than $500.

Protecting Personal Information

Utah's Protection of Personal Information Act (Act) requires a person or business who conducts business in Utah and owns or licenses computerized data that includes information concerning a Utah resident to adopt and carry out reasonable measures to disclosure a breach of personal information, prevent unlawful use of the personal information and destroy records containing personal information. +Utah Code Ann. § 13-44-201.

For more information on security breach notification, see Workplace Security: Utah.

Future Developments

There are no developments to report at this time. Continue to check XpertHR regularly for the latest information on this and other topics.

Additional Resources

Employee Privacy: Federal